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In the Claims 

1. (Currently Amended) A method for maintaining computer security 
comprising: 

providing a signature file containing information about known system vulnerabilities,, 
the information comprising a predefined length of a Universal Resource Locator ("URL") for 
a message header ; 

at a reverse proxy server residing between at least one client computer and a web 

server: 

receiving an incoming message from the at least one client computer, wherein 
the incoming message, if malicious and upon receipt by the web server, automatically 
causes the web server to perform an action which exploits a vulnerability of the web 
server; 

comparing a length of a URL in a message header of the incoming message 
("the incoming URL") with the predefined length in the signature file comparing the 
received incoming message with the signature file to determine whether the incoming 
message is malicious; and 

if the length of the incoming URL exceeds the predefined length, determining 
that the incoming message is malicious and it is determined to be malicious, blocking 
the incoming message from reaching the web server , wherein: 

the information comprises a predefined length of a Universal Resource 
Locator ("URL") in a message header; and 

comparing the receiv e d incoming message with the signature file to determine 
whether the incoming message is malicious comprises determining whether the 
incoming message is malicious by comparing a length of a URL in a message header 
of the incoming message with the predefined length in th e signature file. 
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2. (Previously Presented) The method of claim 1, wherein the comparing 
further comprises: 

parsing the incoming message; 

converting the incoming message into an internal structure; 
comparing the converted incoming message with the signature file; and 
determining whether the converted incoming message is malicious based on the 
comparison. 

3. (Previously Presented) The method of claim 2, further comprising 
reassembling the converted incoming message back into its original structure prior to 
forwarding it to the web server if it is determined that the code is not malicious. 

4. (Currently Amended) The method of claim ]_3^ further comprising 
forwarding the reassembled message to the web server if the length of the incoming URL is 
less than the predefined length . 

5. (Previously Presented) The method of claim 1, wherein the signature file 
contains information about known vulnerabilities of a client web server. 

6. (Original) The method as claimed in claim 1, wherein the signature file is 
made available through a web server. 

7. (Original) The method as claimed in claim 1, further comprising continuously 
updating the signature file. 

8. (Original) The method as claimed in claim 1, further comprising periodically 
downloading the signature file in order to make its copy current. 
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9. (Currently Amended) A system for maintaining computer security 
comprising: 

a signature file containing information about known system vulnerabilities , the 
information comprising a predefined length of a Universal Resource Locator ("URL") for a 
message header , the information not including viral signature patterns ; 

a web server; and 

a tangible processor controlled device comprising a reverse proxy server residing en-a 
tangible processor controlled device between at least one client computer and a web server, 
the reverse proxy server configured to: 

receive an incoming message from the at least one client computer, wherein 

the incoming message, if malicious and upon receipt by the web server, automatically 

causes the web server to perform an action which exploits a vulnerability of the web 

server; 

compare a length of a URL in a message header of the incoming message 
("the incoming URL") with the predefined length in the signature file the received 
incoming message with the signature file to determine whether the incoming message 
is malicious; and 

if the length of the incoming URL exceeds the predefined length, determine 
that the incoming message is malicious and it is determin e d to be malicious, block the 
incoming message from reaching the web server, , wherein: 

the information comprises a predefined length of a Universal Resource 
Locator ("URL") in a messag e header; and 

the proxy server is configured to compare th e received incoming message with 
the signature file by comparing a length of a URL in a message header of the 
incoming message with the predefined length in the signature file. 
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10. (Previously Presented) The system of claim 9, wherein the proxy machine 
further comprises: 

a Hypertext Transfer Protocol ("HTTP") message parser module for receiving, 
parsing and converting the incoming messages into a defined structure: 

an HTTP message analyzer module for comparing the converted incoming messages 
with the signature file; and 

an HTTP message reassembly module for reassembling the converted incoming 
messages determined not to be malicious into their original structure and forwarding them to 
the web server. 

11. (Previously Presented) The system of claim 9, wherein the signature file 
contains information about known vulnerabilities of the web server. 

12. (Original) The system of claim 9, wherein the signature file is made available 
through a web server. 

13. (Original) The system of claim 9, wherein the signature file is continuously 
updated. 

14. (Original) The system of claim 9, wherein the proxy machine periodically 
downloads the signature file in order to make its copy current. 

15. (Original) The system of claim 10, wherein the signature file is linked to the 
HTTP message analyzer module. 
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16. (Currently Amended) A tangible computer storage medium including 
computer executable code for maintaining computer security, comprising: 

code for accessing a signature file containing information about known system 
vulnerabilities, the information comprising a predefined length of a Universal Resource 
Locator ("URL") for a message header , the information not including viral signature patterns ; 

code for at a hypertext transfer protocol ("HTTP") reverse proxy server residing 
between at least one client computer and a web server: 

receiving an incoming message from the at least one client computer, wherein 

the incoming message, if malicious and upon receipt by the web server, automatically 

causes the web server to perform an action which exploits a vulnerability of the web 

server; 

comparing a length of a URL in a message header of the incoming message 
("the incoming URL") with the predefined length in the signature file the received 
incoming messag e with the signature file to determine whether the incoming message 
is malicious; and 

if the length of the incoming URL exceeds the predefined length, determining 
that the incoming message is malicious and it is determined to be malicious, blocking 
the incoming message from reaching the web server ^, wherein: 

the information comprises a predefined length of a Universal Resource 
Locator ("URL") in a message header; and 

comparing the received incoming message with the signature file comprises 
comparing a length of a URL in a m e ssage header of the incoming message with the 
predefined length in the signature file. 

17. (Previously Presented) The computer recording medium of claim 16, further 
comprising: 

code for parsing the incoming message; 

code for converting the incoming message into an internal structure; 
code for comparing the converted incoming message with the signature file; and 
code for determining whether the converted incoming message is malicious based on 
the comparison. 
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18. (Previously Presented) The computer recording medium of claim 17, further 
comprising code for reassembling the converted incoming message back into its original 
structure if it is determined that the code is not malicious. 

19. (Original) The computer recording medium of claim 18, further comprising 
code for forwarding the reassembled message to the web server. 

20. (Previously Presented) The computer recording medium of claim 16, wherein 
the signature file contains information about known vulnerabilities of a client web server. 

21. (Original) The computer recording medium of claim 16, wherein the 
signature file is made available through a web server. 

22. (Original) The computer recording medium of claim 16, further comprising 
code for continuously updating the signature file. 

23. (Original) The computer recording medium of claim 16, further comprising 
code for periodically downloading the signature file in order to make its copy current. 

24. (Previously Presented) The method of claim 1, wherein the incoming 
message comprises a Hypertext Transfer Protocol ("HTTP") message. 

25. (Previously Presented) The system of claim 9, wherein the incoming 
message comprises a Hypertext Transfer Protocol ("HTTP") message. 

26. (Previously Presented)) The computer storage medium of claim 16, wherein 
the incoming message comprises a Hypertext Transfer Protocol ("HTTP") message. 



27. 



(Canceled) 
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28. (Canceled) 

29. (Canceled) 

30. (Previously Presented) The method of claim 1, wherein: 
the information comprises a list of known system vulnerabilities; and 

comparing the received incoming message with the signature file to determine 
whether the incoming message is malicious comprises determining whether the incoming 
message is malicious by determining whether one or more characteristics of the incoming 
message satisfy one of the vulnerabilities on the list of known system vulnerabilities. 

31. (Previously Presented) The system of claim 9, wherein the viral signature 
patterns comprise one or more binary patterns associated with a virus. 

32. (Previously Presented) The computer storage medium of claim 16, wherein 
the viral signature patterns comprise one or more binary patterns associated with a virus. 

33. (Previously Presented) The method of Claim 1, wherein the incoming 
message is received from a first client computer; and further comprising: 

if the incoming message is determined to be malicious, identifying the first computer; 

and 

automatically blocking future messages received from the first client computer. 
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34. (Currently Amended) A method for maintaining computer security 
comprising: 

providing a signature file containing information about known system vulnerabilities, 
the information comprising a predefined length of a Universal Resource Locator ("URL") for 
m-a message header; 

receiving an incoming message from at least one client computer; 

comparing a length of a URL in a message header of the incoming message ("the 
incoming URL") with the predefined length in the signature file to determine whether the 
incoming message is malicious; and 

if the length of the incoming URL is greater than the predefined length, determining 
that the incoming message is malicious and incoming message is d e termined to be ma l icious, 
blocking the incoming message from reaching a web server. 

35. (New) The method of Claim 34, wherein: 

the predetermined length indicates a maximum amount of data that may be stored in a 
buffer of the web server before the buffer overflows; 

the length of the incoming URL indicates an amount of data that the incoming 
message will attempt to store on the buffer if the incoming message is received by the web 
server; and 

the step of determining that the incoming message is malicious comprises determining 
that the incoming message is capable of causing the buffer to overflow. 
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